Security News > 2021 > August > Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
Cisco has addressed a vulnerability in the Firepower Device Manager On-Box software that could be exploited to gain code execution on vulnerable devices.
FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities.
Tracked as CVE-2021-1518 and rated medium severity, the remote code execution vulnerability was discovered by Positive Technologies security researchers Nikita Abramov and Mikhail Klyuchnikov in the REST API of FDM On-Box.
To exploit the vulnerability, an attacker needs to send a special HTTP request to the API subsystem of a vulnerable device.
Cisco addressed the issue with the release of software versions 6.4.0.12, 6.4.4, and 6.7.0.2.
Cisco says it's not aware of the vulnerability being exploited in the wild.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-22 | CVE-2021-1518 | Code Injection vulnerability in Cisco Firepower Device Manager On-Box A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. | 8.8 |